Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file...
6.8CVSS
6.5AI Score
0.001EPSS
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0...
5.9CVSS
4.8AI Score
0.0004EPSS
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user...
7.1CVSS
6.8AI Score
0.0004EPSS
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user...
3.3CVSS
4.1AI Score
0.0004EPSS
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user...
7.1CVSS
6.8AI Score
0.0004EPSS
Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE)...
7.1CVSS
6.8AI Score
0.001EPSS
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...
5.5CVSS
5.6AI Score
0.001EPSS
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that...
8.8CVSS
8.3AI Score
0.001EPSS
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio...
5.5CVSS
5.2AI Score
0.0004EPSS
The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps.....
7.8CVSS
7.3AI Score
0.0004EPSS
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER...
9.8CVSS
9.7AI Score
0.013EPSS
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID...
7.5CVSS
7.4AI Score
0.006EPSS